The current environment I'm working on is all virtual using VMware Player 4.0.1. I'm attempting to simulate a highly available NFS frontend to multiple GlusterFS backend servers. The gluster servers are both Ubuntu 10.10 running GlusterFS 3.2.5. I've configured the NFS share for a test volume to use 32-bit inodes and port 5000. The production environment that I'm testing this for is all FreeBSD, so I can't use the gluster client.

I have an OpenBSD 5.0 VM designated as the gluster load balancer. I would like to eventually use multiple OpenBSD servers running relayd/CARP/PFSync/PF for failover and load balancing, but am just messing with the basics for now. I jumped right in with attempting relayd; however, I had issues with it crashing on UDP redirects and the race condition on ruleset changes. Currently, I'm just trying to get a PF ruleset working as a layer 3 proxy and will use relayd in the future once those issues are resolved.

Here is my current ruleset (which isn't working):

    iface="vic0"
    my_ip="192.168.44.130"
    gluster_ip="192.168.44.128"

    set skip on lo
    pass on $iface
    pass in on $iface proto udp from any to $my_ip port 111 rdr-to $gluster_ip port 111 nat-to $my_ip
    pass in on $iface proto tcp from any to $my_ip port 5000 rdr-to $gluster_ip port 5000 nat-to $my_ip

I have a FreeBSD 8.2 client in a VM using the command "mount -t nfs -o tcp,port=5000 192.168.44.130:/test /mnt" that keeps timing out. If I modify that IP to the gluster IP (192.168.44.128) it works, and I can also mount directly from the OpenBSD server. I've included a line in the ruleset for UDP port 111 because I wasn't sure if portmap was causing problems.

When analyzing tcpdump files in Wireshark, all I see are SYN packets from client to load balancer. I'm not actually seeing any packets traveling outbound that would indicate that the redirect/nat translation is even happening, even though "pfctl -v -s rules" shows that the very last rule has matched packets.

I would really appreciate any help on this and possibly any issues/resolutions I may run into when migrating to relayd (minus the ones I've already listed).

Thanks,
Joe

